General

  • Target

    33b22fce68d5d7bd08e86b8506c50bdfcd38c26db5983864e8d33bdf62f53272.exe

  • Size

    2.0MB

  • Sample

    241117-jxktzazjfr

  • MD5

    166d71e145b2c802acd2b0a07e070bad

  • SHA1

    1c84d2e573e7096040fbe6e950fbff764aa11096

  • SHA256

    33b22fce68d5d7bd08e86b8506c50bdfcd38c26db5983864e8d33bdf62f53272

  • SHA512

    5137efaeda15554cf5b8ff68516d91b9cb3e960b85970f535e8735b1705f62cb390ffef4c7b964ed33764cd3b772aaca0ac1468ec67abe7fd2de9ddf2465f6e4

  • SSDEEP

    49152:VIf3w6NbHHBp7k5hhJ+j0h7x0vRNT1UTzPN0EkHbG+n9:VIfwYt5ShrfKvo1U

Malware Config

Targets

    • Target

      33b22fce68d5d7bd08e86b8506c50bdfcd38c26db5983864e8d33bdf62f53272.exe

    • Size

      2.0MB

    • MD5

      166d71e145b2c802acd2b0a07e070bad

    • SHA1

      1c84d2e573e7096040fbe6e950fbff764aa11096

    • SHA256

      33b22fce68d5d7bd08e86b8506c50bdfcd38c26db5983864e8d33bdf62f53272

    • SHA512

      5137efaeda15554cf5b8ff68516d91b9cb3e960b85970f535e8735b1705f62cb390ffef4c7b964ed33764cd3b772aaca0ac1468ec67abe7fd2de9ddf2465f6e4

    • SSDEEP

      49152:VIf3w6NbHHBp7k5hhJ+j0h7x0vRNT1UTzPN0EkHbG+n9:VIfwYt5ShrfKvo1U

    • NetSupport

      NetSupport is a remote access tool sold as a legitimate system administration software.

    • Netsupport family

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

MITRE ATT&CK Enterprise v15

Tasks